System security for a connection between service integration and a WebSphere® MQ network is provided by the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols.
When WebSphere Application Server uses SSL, the administrator must create an SSL repertoire, a channel and a transport chain. The transport chain must be referenced by the WebSphere MQ server through the server transport chain attribute, and must also be a trusted transport for the service integration bus to which the WebSphere MQ server belongs. The default setting is for service integration buses to trust only the SSL transport.
    wsadmin>tcs = AdminConfig.list("TransportChannelService").splitlines()[0]
    wsadmin>tcp = AdminConfig.create("TCPOutboundChannel", tcs, [["name", "MyWMQChain.TCP"]])
    wsadmin>ssl = AdminConfig.create("SSLOutboundChannel", tcs, [["name", "MyWMQChain.SSL"], ["sslConfigAlias", "MyRepertoire"]])
    wsadmin>rmq = AdminConfig.create("RMQOutboundChannel", tcs, [["name", "MyWMQChain.RMQ"]])
    wsadmin>AdminConfig.create("Chain", tcs, [["name", "MyWMQChain"], ["enable", "true"], ["transportChannels", [rmq, ssl, tcp]]])

This example creates a transport chain suitable for connecting a WebSphere MQ server to WebSphere MQ by using SSL. The chain is called MyWMQChain, and uses an SSL repertoire called MyRepertoire.
WebSphere MQ uses a single cipher suite only for securing connections to a queue manager, although WebSphere Application Server SSL repertoires allow you to specify multiple cipher suites. Each cipher suite is tried sequentially until a successful connection is established, or until all the cipher suites have been tried. The most recent cipher suite that allowed a successful connection is cached on a WebSphere MQ server bus member basis, and is tried first on subsequent connection attempts.
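The retry and caching behaviour described above can be modelled in a few lines. This is an added illustration, not IBM code: the class, the bus member names and the handshake callback are hypothetical, the suite names are constructed sample input, and trying the remaining suites in repertoire order after a cached suite fails is an assumption.

```python
class CipherSuiteSelector:
    """Model of per-bus-member cipher suite selection (illustrative only)."""

    def __init__(self, repertoire_suites):
        self.repertoire = list(repertoire_suites)  # order as listed in the SSL repertoire
        self.cache = {}                            # bus member -> last suite that connected

    def attempt_order(self, bus_member):
        cached = self.cache.get(bus_member)
        if cached in self.repertoire:
            # The cached suite is tried first; the rest follow in repertoire order (assumption).
            return [cached] + [s for s in self.repertoire if s != cached]
        return list(self.repertoire)

    def connect(self, bus_member, handshake):
        """handshake(suite) -> bool stands in for one SSL handshake with the queue manager.
        Returns (suite that connected or None, suites tried in order)."""
        tried = []
        for suite in self.attempt_order(bus_member):
            tried.append(suite)
            if handshake(suite):
                self.cache[bus_member] = suite
                return suite, tried
        return None, tried


def queue_manager(accepted_suite):
    """A queue manager accepts exactly one cipher suite for the connection."""
    return lambda suite: suite == accepted_suite


# Constructed sample repertoire with three suites.
REPERTOIRE = [
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_AES_256_CBC_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
]


def demo():
    sel = CipherSuiteSelector(REPERTOIRE)
    qm = queue_manager("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256")
    first = sel.connect("member1", qm)    # walks the whole list before succeeding
    second = sel.connect("member1", qm)   # cached suite succeeds on the first try
    other = sel.connect("member2", qm)    # the cache is per bus member, so no shortcut
    # The queue manager is reconfigured: the cached suite now fails first.
    changed = sel.connect("member1", queue_manager("TLS_RSA_WITH_AES_256_CBC_SHA256"))
    return first, second, other, changed


if __name__ == "__main__":
    for suite, tried in demo():
        print(suite, "after", len(tried), "attempt(s)")
```

Every suite in the repertoire that does not match the queue manager's single suite costs one failed handshake on a first connection, and again after the queue manager's suite changes.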
When transport security is enabled, the transport chain used for connections to WebSphere MQ must be a permitted chain; otherwise, it is not possible to establish a connection to WebSphere MQ.